The U.K.’s National Cyber Security Centre has issued a stark warning to people who use their pets' names as their passwords: Don't.
The blog post, timed to coincide with National Pet Day this weekend, suggests that perhaps the name of a beloved animal might be a bit easy for hackers to guess, especially if you’re always posting cute pics of your favorite furry friends online.
Apparently 15% of British people use their pets' names as their passwords for online accounts. Another 14% use family members’ names and 13% are securing their data with a password based on a memorable date.
Surprisingly, for an agency using “cyber” in its name, the advice the NCSC gives is actually pretty decent. The NCSC says that you should use strong passwords for email, making sure each password is different from those for other accounts. The goal is to make sure that if anyone nabs your Netflix password, they can’t also access your email with that same key.
The best advice revolves around password choice. You can get a secure password by picking three random words. Good passwords don’t have to be hard to remember or contain lots of special characters to be secure, although many sites force annoying characters on you, sadly.
It would be far better to pick a password like “rex railway bone” than “rex1234&*%”. There’s no point explaining why that’s the case when Randall Munroe has already done a perfect job at XKCD. But in summary, long password phrases you can remember are better than short passwords that are nearly impossible to remember.
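The three-random-words advice holds only when the words are drawn by a random process rather than chosen by the user. The following is an added example, not code from the NCSC or this article: it draws words with Python's `secrets` module and computes the resulting entropy. The 32-word list is constructed for the demo, and the function names are this example's own.

```python
import math
import secrets

# Constructed 32-word demo list (an assumption of this example). A real list
# should be far larger, e.g. 7,776 words, the size of a five-dice (6**5) list.
DEMO_WORDS = (
    "anchor basket candle desert engine feather garden harbor "
    "island jacket kettle ladder marble napkin orange pencil "
    "quarry railway saddle tunnel umbrella velvet window yellow "
    "zipper bone copper dragon forest guitar hammer lantern"
).split()


def passphrase_bits(list_size: int, count: int = 3) -> float:
    """Entropy in bits of `count` words drawn uniformly and independently."""
    return count * math.log2(list_size)


def words_needed(list_size: int, target_bits: float) -> int:
    """Smallest number of words that reaches `target_bits` for this list size."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(words, count: int = 3, sep: str = " ") -> str:
    """Pick `count` words with the OS CSPRNG; human 'random' picks are not uniform."""
    pool = sorted({w.lower() for w in words})  # duplicates would skew the draw
    if len(pool) < 2:
        raise ValueError("word list too small")
    return sep.join(secrets.choice(pool) for _ in range(count))


if __name__ == "__main__":
    print(generate_passphrase(DEMO_WORDS))
    print(f"32-word demo list, 3 words: {passphrase_bits(32):.1f} bits")
    print(f"7776-word list, 3 words:    {passphrase_bits(7776):.1f} bits")
    print(f"words needed from the demo list to match: {words_needed(32, 38)}")
```

The strength comes from the size of the list and the number of words, which is why a short list needs many more words to reach the same figure.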
Aside from pet names, the NCSC also laid out other common mistakes. Around 6% of people use “password” somewhere in their password, or as the whole thing. This is frighteningly stupid, obviously. But then again, we’ve all gotten frustrated setting up yet another account online, so most of us are guilty of doing it at some point.
The best advice is probably still to use a password manager and generator, like one from our best password managers roundup. Although the convenience of having them sync with the cloud is worthwhile, and those services are often secure and well-encrypted, having a locally stored version you back up to USB sticks is a safer bet.
Please use two-factor authentication as well. Tools like Google Authenticator don’t rely on SMS or email codes to work, which can be great if someone manages to take over your phone account, something that can and does happen.